Hi
Using JWT, noticed my log file is growing really big recently. I noticed that everytime we are connecting to to Kibana though JWT, i am seeing this line:
io.jsonwebtoken.security.WeakKeyException: The verification key's size is 128 bits which is not secure enough for the HS256 algorithm. The JWT JWA Specification (RFC 7518, Section 3.2) states that keys used with HS256 MUST have a size >= 256 bits (the key size must be greater than or equal to the hash output size). Consider using the io.jsonwebtoken.security.Keys class's 'secretKeyFor(SignatureAlgorithm.HS256)' method to create a key guaranteed to be secure enough for HS256. See https://tools.ietf.org/html/rfc7518#section-3.2 for more information.
Our key is 70 characters long, so doesnt that mean its 560 bits (70 x 8)? If thats the case how come i am seeing this?
Actually that still doesnt fix it. I changed my key to 276 characters - and still getting the same message in the logs. I dont have to restart ES do i? I mean its just the key that has changed